Two months after the cyberattack on Change Healthcare, the extent of the impact on Americans remains uncertain. CEO Andrew Witty initially estimated that a substantial proportion of Americans were affected, and later testified in a House hearing that it may be around a third. The company is still investigating the breach and has not yet notified victims. Witty stated that there is no evidence of sensitive medical data being stolen. The hackers got in by exploiting a lack of multi-factor authentication on a Change Healthcare portal, and senators criticized the company for this failure.
Following the ransomware attack on its subsidiary Change Healthcare, UnitedHealth Group has enabled multi-factor authentication (MFA) across all of its systems exposed to the internet. Previously, a lack of MFA on Change Healthcare’s systems allowed hackers to access a server and breach the company’s network. UnitedHealth Group CEO Andrew Witty acknowledged the omission and blamed it on the incomplete integration of Change Healthcare’s systems after the acquisition in 2022. Despite a company-wide policy requiring MFA on external systems, Witty admitted that one server lacked protection, which gave the hackers their entry point. At a congressional hearing, Witty faced questions about the cyberattack and about why the policy was not enforced. UnitedHealth Group is still working to determine the full impact of the hack and has not yet notified affected individuals.